|Short Description||The system’s screen is locked, the user is prompted to take part in an online survey.|
|Symptoms||System executable files are locked. Access to Task Manager and Registry is prevented.|
|Distribution Method||Not clear yet.|
|Detection tool||Download Malware Removal Tool, to See If Your System Has Been Affected By ScreenLocker|
We have seen ransomware going through new development stages. As a result, the latest ransomware pieces are becoming more and more sophisticated and exceed even the boldest of expectations. In that sense, the appearance of the ScreenLocker ransom threat shouldn’t come as a surprise. Some security researchers even believe that ScreenLocker has been created with the sole purpose of testing new possibilities of ransom software. Another explanation for the peculiar features of ScreenLocker is that it is still in a development stage.
ScreenLocker Novel Features. Comparison with Other Ransomware
Typically, ransomware threats such as CryptoLocker and CryptoWall encrypt personal files on the targeted system and demand payment in exchange for the decryption key. However, ScreenLocker infections are quite different.
Once a PC is infected, ScreenLocker blocks any system executable files and prevents the user from accessing the Task Manager and Windows Registry. To restore access to these locations, the victim will have to delete a value dubbed RealtekSoftware. The value location is:
In addition, ScreenLocker locks the system’s screen and prevents the user from initiating any actions. Even though the threat is ransomware by nature, it doesn’t display any ransom message with payment instructions. Instead, the user will be asked to participate in an online survey.
If the user is tricked and decides to follow the link provided in the ransom message, he may just give away valuable information. The whole infection may be nothing more than some ‘ransomware research’.
This is the screen alert displayed by ScreenLocker in English:
We have detected that the software running on your computer is not genuine, please complete an offer below to unlock the computer permanently and insert the key below that will be provided after complete supply.
To get the key, complete a survey by clicking HERE.
This is what the message should look like in Spanish:
Su copia de software no es genuina.
Hemos detectado que el software que corre en su ordenador no es genuino, por favor complete una oferta a continuacion para desbloquear el equipo de forma permanente e inserte la llave a continuacion que le sera proporcionada tras completer la oferta.
To get the key, complete a survey by clicking HERE.
As the message shows, ScreenLocker accuses the user of having counterfeit software running on his system. Even if that claim is right, users shouldn’t follow any instructions given by the cyber criminals. As we already said, the hacking team may simply be attempting to obtain valuable information for their ‘ransomware research’.
What users are advised to do is run powerful anti-malware software to remove the threat immediately.
Also, we have compiled several prevention tips that should become your online security handbook. Not following them may be what brought ScreenLocker onto the system in the first place.
Ransomware Prevention & Security Tips
- Use additional firewall protection.
- Always apply administrative control over your programs.
- Improve your passwords and store them in a safe place, preferably outside the computer.
- Turn off AutoPlay to prevent malicious files from accessing your PC.
- Disable File Sharing or make it password-protected when needed.
- Switch off any remote services.
- Disable FlashPlayer or use it with precaution.
- Regularly update your system and software.
- Carefully handle spam emails.
- Turn off wireless services, like Bluetooth. Turn them on only when needed.
- Employ automatic system protection via trusted AV software.
As soon as we have more information about the ScreenLocker threat, we will update this article. Meanwhile, we recommend following the instructions given below to rid the system of any ransom malware.
Ransomware Removal Instructions
1. Start Your PC in Safe Mode to Remove ScreenLocker.
For Windows XP, Vista, 7 systems:
1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.
– For PCs with multiple operating systems: The arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.
3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter”.
4. Log on to your computer using your administrator account.
While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.
For Windows 8, 8.1 and 10 systems:
Step 1: Open the Start Menu
Step 2: While holding down the Shift button, click on Power and then click on Restart.
Step 3: After the reboot, a menu will appear. From there you should choose Troubleshoot.
Step 4: You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
Step 5: After the Advanced Options menu appears, click on Startup Settings.
Step 6: Click on Restart.
Step 7: A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart.
2. Remove ScreenLocker automatically by downloading an advanced anti-malware program.
To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all ScreenLocker associated objects.
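To check by hand for the RealtekSoftware value mentioned earlier, the following PowerShell sketch can be run in Safe Mode; it is an added example, not code from the original article or from any vendor tool. The list of candidate keys and the two policy value names are assumptions (common autostart and policy locations), not locations confirmed for this threat.

```powershell
# Added example: read-only search; nothing is changed unless the last line is uncommented.
$ValueName = 'RealtekSoftware'   # value name given in the article

# Assumption: these are the usual autostart keys, not a location confirmed
# for this threat.
$CandidateKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Find-NamedValue {
    param([string[]]$Keys, [string]$Name)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        if ($item.GetValueNames() -contains $Name) {
            [pscustomobject]@{ Key = $key; Name = $Name; Data = $item.GetValue($Name) }
        }
    }
}

# Assumption: these standard policy values are one common way Task Manager and
# Registry Editor get disabled; the article does not name the mechanism.
function Get-LockPolicy {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
            $data = $item.GetValue($name)
            if ($null -ne $data -and $data -ne 0) {
                [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
            }
        }
    }
}

$hits = @(Find-NamedValue -Keys $CandidateKeys -Name $ValueName)
$hits + @(Get-LockPolicy) | Format-Table -AutoSize -Wrap

# After reviewing each hit's Data (the program it points to), delete the value:
# $hits | ForEach-Object { Remove-ItemProperty -LiteralPath $_.Key -Name $_.Name }
```

Deleting values under HKLM requires an elevated session; note the file path shown in Data before removal so the anti-malware scan can confirm that file is gone as well.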
Security engineers recommend that you back up your files immediately, preferably on an external memory carrier, in order to be able to restore them. To protect yourself from ScreenLocker (for Windows users), please follow these simple instructions:
For Windows 7 and earlier:
1-Click on Windows Start Menu
2-Type Backup And Restore
3-Open it and click on Set Up Backup
4-A window will appear asking you where to set up backup. You should have a flash drive or an external hard drive. Mark it by clicking on it with your mouse then click on Next.
5-On the next window, the system will ask you what you want to back up. Choose the ‘Let Me Choose’ option and then click on Next.
6-Click on ‘Save settings and run backup’ on the next window in order to protect your files from possible attacks by ScreenLocker.
For Windows 8, 8.1 and 10:
1-Press Windows button + R
2-In the window type ‘filehistory’ and press Enter
3-A File History window will appear. Click on ‘Configure file history settings’
4-The configuration menu for File History will appear. Click on ‘Turn On’. After it’s on, click on Select Drive in order to select the backup drive. It is recommended to choose an external HDD, SSD or a USB stick whose capacity matches the size of the files you want to back up.
5-Select the drive then click on ‘Ok’ in order to set up file backup and protect yourself from ScreenLocker.
Enabling Windows Defense Feature:
1- Press Windows button + R keys.
2- A Run window should appear. In it type ‘sysdm.cpl’ and then click on Run.
3- A System Properties window should appear. In it choose System Protection.
5- Click on Turn on system protection and select the size on the hard disk you want to utilize for system protection.
6- Click on Ok and you should see an indication in Protection settings that the protection from ScreenLocker is on.
Restoring a file via Windows Defense feature:
1-Right-click on the encrypted file, then choose Properties.
2-Click on the Previous Versions tab and then mark the last version of the file.
3-Click on Apply and Ok and the file encrypted by ScreenLocker should be restored.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.